Secure computer system

ABSTRACT

A secure computer system including a host computer unit having embedded in a single package, a host CPU, and an authenticating and security controlling computer, a verification unit and a smart card accepting connector providing a public-key protected communication channel between the authenticating and security controlling computer and the verification unit, in a first mode of operation of the secure computer system, and between the host CPU, via the authenticating and security controlling computer, and a smart card, via smart cord terminal, in a second mode of operation of the secure computer system, wherein communication between the authenticating and security controlling computer and the smart card terminal is unmediated, and wherein the verification unit is operative to verify the identity of the authenticating and security controlling computer in the first mode of operation.

This application is a 371 of International Application PCT/IL/00044filed Feb. 4, 1997.

FILED OF THE INVENTION

The present invention relates to secure computer system in general.

BACKGROUND OF THE INVENTION

The need for a secure computer system is well known. The need for securecomputer systems falls into several categories. The need for securecapabilities which enable a computer to work in a secure environment,such as an electronic mail, remote banking, Internet, securecommunications, telefax, or smart card environment is well known andfalls into a first category of need. In a second category of need, it iswell known that expensive computer CPU chips are often subject to theft.Unfortunately, individual expensive CPU chips can not easily beidentified, and hence the recovery of stolen CPU chips is difficult.There is therefore a need to protect expensive CPU chips.

Methods and apparatus useful in secure computing are described in thefollowing patent applications, commonly owned with the presentapplication, the disclosures of which are hereby incorporated herein byreference:

Israel patent applications 113375 and 115534; and

U.S. patent applications 08/154220 and 08/437,223.

Methods and apparatus useful in secure computing are described in thefollowing publications:

D. E. Denning and M. Smid, “Key escrowing today”, IEEE CommunicationMagazine, September 1994, pp. 58-68;

C. Gressel, R. Granot, and I. Dror, “International CryptographicCommunications Without Key Escrow”, International CryptographicInstitute '95, Washington D.C., Sep. 22, 1995;

R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digitalsignatures and public-key cryptosystems”, Communications of the ACM Vol.21 #2, February 1978, pp. 120-126;

DES Modes of Operation, FIPS PUB 81, National Bureau of Standards, USDepartment of Commerce, Washington, D.C., 1981;

MC68HC05SC49, 8-bit microcomputer with EEPROM and N modulo M exponentcoprocessor product preview, Motorola semiconductor technical data,Schaumburg Ill., 1993;

MC68HC05SC30, Enhanced 8-bit microcomputer with EEPROM and N modulo Mexponent coprocessor product preview, Motorola semiconductor technicaldata, Schaumburg, Ill., 1993;

ST16×F74 CMOS crypto-computer family ST16×F74, SGS-ThomsonMicroelectronics, Agrate, Italy, October 1993;

ST16CF54 CMOS MCU based safeguarded smartcard IC with modular arithmeticprocessor, SGS-Thompson Microelectronics, Agrate, Italy, September 1994;and

Cryptoprocessor chip includes embedded cryptolibrary, SGS-ThompsonMicroelectronics, Agrate, Italy, press release K491M, October 1994.

The disclosure of the above publications and of the publications citedtherein are hereby incorporated by reference. The disclosures of allpublications mentioned in this specification and of the publicationscited therein are hereby incorporated by reference.

SUMMARY OF THE INVENTION

The present invention seeks to provide an improved secure computersystem. In the present invention, an authenticator computer is embeddedin the same package with a host CPU. The embedded authenticator computermay provide secure capabilities such as those described above. Theembedded authenticator computer may also provide identifying informationincluding proof of identity. The identifying information may aid inpreventing theft of the computer system and/or may aid in identificationof a stolen computer system. Because the authenticator computer isembedded in the same package with the host CPU, removing theauthenticator computer in order to circumvent the anti-theftcapabilities thereof will generally be very difficult and/or tooexpensive to attempt.

There is thus provided in accordance with a preferred embodiment of thepresent invention a secure computer including a host CPU and anauthenticator computer, wherein both the host CPU and the authenticatorcomputer are embedded in a single package. The authenticator computermay have an identity and, and the authenticator computer may provideproof of the identity upon receiving an external signal from a verifyingdevice. The proof of the identity may include origin information and/oran audit trail.

The secure computer may also include a smart card receiver, which maycomprise a reader/writer card, including at least one smart cardacceptor socket, each smart card acceptor socket being adapted toreceive a smart card, wherein the authenticator verifies the smart card.The at least one smart card acceptor socket may include a plurality ofsmart card acceptor sockets.

The authenticator may control access to a controlled device. Theauthenticator provides data protection, including data encryption and/ordata decryption. The data protection may include providing and/orverifying a digital signature.

The authenticator may protect data transmission between the securecomputer and a remote device, optionally using approved protocols fortransnational encryption, as well as approved protocols forauthentication origin and contents of documents using an electronicsignature.

There is also provided in accordance with another preferred embodimentof the present invention a method for securing a host computer, themethod including providing a host CPU, providing an authenticatorcomputer, and embedding both the host CPU and the authenticator computerin a single package.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will be understood and appreciated from thefollowing detailed description taken in conjunction with the drawings inwhich:

FIG. 1 is a simplified pictorial illustration of a secure computersystem constructed and operative in accordance with a preferredembodiment of the present invention;

FIGS. 2A-2C are simplified pictorial illustrations of alternativepreferred embodiments of the system of FIG. 1, comprising alternativeembodiments thereof for different packaging methods;

FIG. 3 is a simplified flowchart illustration of a preferred method ofoperation of the secure computer system 10 of FIG. 1;

FIG. 4 is a simplified pictorial illustration of an alternativepreferred embodiment of the present invention;

FIG. 5 is a simplified pictorial illustration of a further alternativepreferred embodiment of the present invention;

FIG. 6 is a simplified pictorial illustration of a still furtheralternative preferred embodiment of the present invention; and

FIG. 7 is a simplified block diagram illustration of the secure computersystem of FIG. 1.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

Reference is now made to FIG. 1 which is a simplified pictorialillustration of a secure computer system 10 constructed and operative inaccordance with a preferred embodiment of the present invention. Thesecure computer system 10 comprises an authenticator computer 20. Theauthenticator computer 20 may be any appropriate authenticator computer,such as a cryptocomputer chip or a computer chip designed to rapidlyprocess modular arithmetic operations useful for performingauthentication, encryption, and decryption, as it well known in the art.Preferably, the authenticator computer 20 may be a model ST16CF54available from SGS-Thompson. The authenticator computer 20 mayalternatively be a MC68HC05SC49 8-bit microcomputer, commerciallyavailable from Motorola, Schaumburg Ill., USA.

The authenticator computer 20 is embedded in a single package with ahost CPU 30. The host CPU 30 may be any appropriate CPU. It isappreciated that the present invention, by providing anti-theftcapabilities, is particularly useful in the case where the host CPU 30is an expensive CPU.

Preferably, in order to provide optimal anti-theft capabilities, theembedding, of the authenticator computer 20 and the host CPU 30 into asingle package comprises permanently bonding together the authenticatorcomputer 20 and the host CPU 30. The system of FIG. 1 also comprises anelectrically insulating thermally conducting layer 32, covering theauthenticator computer 20 and the host CPU 30. The electricallyinsulating thermally conducting layer 32 may comprise ceramic or anyother suitable electrically insulating thermally conducting material. Itis appreciated that alternative and/or additional methods of bonding theauthenticator computer 20 and the host CPU 30 may be used, such as, forexample, providing a bonding layer (not shown) between the authenticatorcomputer 20 and the host CPU 30.

The system of FIG. 1 also comprises an external connection 35. Theexternal connection 35 shown in FIG. 1 is arranged, by way of exampleonly, into two smart card reader connectors 37. The external connection35, which typically comprises a plurality of pins, is operative toprovide an electrical connection between the authenticator computer andexternal devices such as one or more smart card readers. The externalconnection 35 may also be operative to provide an electrical connectionto an external device comprising a verification device, as describedbelow with reference to FIG. 6.

The term “smart card reader”, as used throughout the presentspecification and claims, refers to any smart card device, as is wellknown in the art, or to any device using similar technology to provideauthentication and/or transaction security. It is appreciated that asmart card device may accept a card, a key, a button, or any portablesecurity identification item. The card, key, button, or any portablesecurity identification item is referred to throughout the presentspecification and claims as a “smart card”. Typically, a smart carddevice, as is well known in the art, comprises an imbedded processorand/or memory unit which are operative to provide the authenticationand/or transaction security.

Reference is now additionally made to FIGS. 2A-2C, which are simplifiedpictorial illustrations of alternative preferred embodiments of thesystem of FIG. 1, comprising alternative embodiments thereof fordifference packaging methods. The packaging methods of FIGS. 2A-2C arebelieved to simplify the interface between the secure computer system 10and a computer in which the secure computer system 10 is located,particularly by not occupying additional motherboard space or requiringchanges to the motherboard.

FIG. 2A is an exploded view of the secure computer system 10 of FIG. 1,packaged using a lead frame packaging method. The system of FIG. 2A alsocomprises an adaptor 40, which is operative to connect to a plurality ofconductors 42 formed on the surface of the host CPU 30. Theauthenticator computer 20 is in turn operatively connected to theadaptor 40. The host CPU 30 is typically positioned on top of theadaptor 40, with the adaptor 40 being positioned on top of theauthenticator computer 20; this arrangement is deemed preferable inorder to allow sufficient thermal conductance of the host CPU 30. It isappreciated that other physical arrangements of the authenticatorcomputer 20, the host CPU 30, and the adaptor 40 are also possible. Theadaptor 40 is operative to provide an electrical connection between thehost CPU 30 and the authenticator computer 20, and also to provide anelectrical connection via the eternal connection 35 to external devices,as explained above.

FIG. 2B is a simplified pictorial illustration of the secure computersystem 10 of FIG. 1, packaged using a socketed packaging method. Thepackaging method of FIG. 2B is believed to be particularly useful whenadding the authenticator computer 20 to an existing computer system. Thesystem of FIG. 2B comprises an adaptor 45. The adaptor 45 comprises aplurality of conductor pins 50, designed to fit within an existingacceptor socket adapted to receive the host CPU 30. The adaptor 45 alsocomprises an external connector 35, as described above.

The adaptor 45 is adapted to receive the authenticator computer 20,typically inside the adaptor 45. The adaptor 45 is also adapted toreceive the host computer 30, typically on top of the adaptor 45. Theadaptor 45 is operative to provide an electrical connection between thehost CPU 30 and the authenticator computer 20, and also to provide anelectrical connection via the external connection 35 to eternal devices,as explained above.

FIG. 2C is an exploded view of the secure computer system 10 of FIG. 1,packaged using a pin grid array packaging method. The system of FIG. 2Ccomprises a pin grid board 55, comprising a plurality of pins 60. Atleast some of the plurality of pins 60 extend upward above the pin gridboard 55, allowing connection to an authenticator printed circuit board(PC board) 65. The host CPU 30 is mounted to the PC board 65, typicallyon upper side thereof, so that a plurality of pins (not shown) on theunderside of the host CPU 30 extend through holes in the PC board 65 andmake electrical contact with the plurality of pins 60. The authenticatorcomputer 20 is mounted on the pin grid board 55, typically on the upperside thereof. The PC board 65 is operative to provide an electricalconnection between the host CPU 30 and the authenticator computer 20,and also to provide an electrical connection via the external connection35 to external devices, as explained above.

It is appreciated that the embodiments of FIGS. 2A-2C are provided byway of example only, and that a wide variety of packaging methods may beused in packaging the secure computer system 10 of FIG. 1.

The operation of the system of FIG. 1 is now briefly described. Thesecure computer system 10 may receive a request to be processed from anexternal device through the external connection 35 and operate thereon.Requests may also be processed internally; that is, a request may beinitiated by the host CPU 30 and may then be processed by theauthenticator computer 20. In the case of either an external or aninternal request, the output of processing the request by theauthenticator computer 20 may be provided either through the externalconnection 35 or to the host CPU 30, which typically further processesthe output. Typically, a request comprises a request to perform one ofthe following: a digital signature operation; a data transmissionprotection operation; a data protection operation; an access controloperation; a smart card verification operation; or and proof of identityoperation.

Reference is now made to FIG. 3, which is a simplified flowchartillustration of a preferred method of operation of the secure computersystem 10 of FIG. 1. The method of FIG. 3 preferably includes thefollowing steps:

The authenticator computer 20 receives a request, either an internalrequest from the host CPU 30 or an external request from external device(step 100). The request is then processed according to the type ofrequest.

If the request is to perform a digital signature operation, that is, toverify or provide a digital signature, as is well known in the art, theauthenticator computer 20 performs the digital signature operation (step110). Digital signature operations are described, for example, in R. L.Rivest, A. Shamir, and L. Adleman, referred to above. Typically, therequest to provide a digital signature operation is received from thehost CPU 30 and the result of the digital signature operation is outputto the host CPU 30 for further processing.

If the request is to protect a data transmission, the authenticatorcomputer 20 protects the data transmission (step 120). Typically,protection of a data transmission may include data encryption, datadecryption and data verification, as is well known in the art.Protection of a data transmission may also include using an approvedtransnational protocol for protecting a data transmission, such as, forexample, that described by C. Gressel, R. Granot, and I. Dror, referredto above. Other relevant apparatus and methods are also described inIsrael patent applications 13375 and 15534 , and in U.S. patentapplication 08/437,223. Typically, the data to be protected is receivedfrom the host CPU 30 and the result of the data protection operation isoutput to the host CPU 30 for further processing.

Reference is now additionally made to FIG. 4, which is a simplifiedpictorial illustration of an alternative preferred embodiment of thepresent invention. The embodiment of FIG. 4 is especially applicable foruse with step 120 of FIG. 3. The system of FIG. 4 comprises a computer170, the computer 170 comprising the secure computer system 10. Thecomputer 170 is operative to transmit data over a remote data link 175to a remote computer system 180. Protection of data transmission isprovided by the secure computer system 10, as described above.

If the request is to provide data protection, such as, for example, toencrypt or decrypt data which is under control of the host CPU 30, theauthenticator computer 20 provides the data protection (step 130). Thedata protection may comprise encryption of Modes of Operation, referredto above. Typically, the result of the data protection operation isoutput to the host CPU 30 for further processing.

If the request is to control access to an external device, the accesscontrol request is processed by the authenticator computer 20 (step140). The external device may comprise any appropriate external devicesuch as, for example, any of the following: A computerized device; acomputer peripheral device; a locked door; or any other locked accessapparatus. Processing of the access control request typically comprisesreceiving a request, typically from the host CPU 30 and verifying thatthe request is legitimate. Verifying that the request is legitimate maybe performed using any appropriate method, such as a method well knownin the art, for example the methods described R. L. Rivest, A. Shamir,and L. Adleman, referred to above.

If the request is to verify a smart card, the smart card is verified(step 150). Smart cards, as is well known in the art, may be used in awide variety of ways, including the following: to store identifyinginformation about an individual; to store personal or medicalinformation about an individual; and/or to store financial informationfor use in carrying out transactions. Verifying the smart card mayinclude verifying that the smart card is valid, as is well known in theart. Verifying the smart card may also include reading data from thesmart card, as is well known in the art. Verifying the smart card mayalso include carrying out a financial transaction based on informationstored in the smart card, as is well known in the art. Methods forverifying a smart card include those described in R. L. Rivest, A.Shamir and L. Adleman, referred to above.

Reference is now additionally made to FIG. 5, which is a simplifiedpictorial illustration of a further alternative preferred embodiment ofthe present invention. The system of FIG. 5 comprises a computer 185,the computer 185 comprising the secure computer system 10. The computer185 is operatively attached to a smart card receiver 190. The smart cardreceiver 190 is operative to receive a first smart card 195 and,optionally, a second smart card 200 in one or more smart card acceptorsockets 205. It is appreciated that the smart card acceptor sockets 205are adapted to accept the particular form of the smart cards 195 and 200chosen for use, and that the card form is shown in FIG. 5 by way ofexample only.

When the second smart card 200 is used, the first smart card 195typically represents customer information in a financial transaction,and the second smart card 200 typically represents merchant informationor bank teller information in a financial transaction. The securecomputer system 10 is operative to verify the first smart card 195 and,optionally, the second smart card 200, as described above. It isappreciated that by using both the first smart card 195 and the secondsmart card 2000 it is possible to record proof of a transaction both onthe smart card belonging to the customer such as, for example, the firstsmart card 195 and on the smart card belonging to the bank such as, forexample, the second smart card 200. The transaction proof typicallycomprises digital signatures of both the customer and the bank teller.

Processing of the smart card verification request typically comprisesthe authenticator computer 20 receiving a request, typically from thehost CPU 30, and verifying that the request is legitimate, with outputof the verification being sent to the host CPU 30.

If the request is to provide proof of identity, the authenticatorcomputer 20 provides proof of identity (step 160). Typically, proof ofidentity comprises proof of identity of the host CPU 30. By storingidentity information identifying the host CPU 30, the authenticatorcomputer 20 provides an identification function which may aid inpreventing or deterring theft of the host CPU 30. Proof of identity mayalso comprise proof of identity of a user who requests access to certainprotected files or data, in which case proof of identity establishes theuser's access rights.

Reference is now additionally made to FIG. 6, which is a simplifiedpictorial illustration of a still further alternative preferredembodiment of the present invention, the system of FIG. 6 comprises thesecure computer system 10. The system of FIG. 6 further comprises averification unit 210, operatively attached to the secure computersystem 10. The connection between the verification unit 210 and thesecure computer system 10 is preferably a temporary connection which canbe easily made and broken, and preferably comprises a connection to aminimum number of pins within the external connection 35 such as, forexample, two pins. The connection between the verification unit 210 andthe secure computer system 10 is preferably such that the connection maybe made and broken whether or not the secure computer system 10 isinstalled in a computer.

The verification unit 210 is operative to send a signal to the securecomputer system 10, preferably comprising an identification of theverification unit 210. The secure computer system 10 receives the signaland preferably verifies the signal, using verification methods wellknown in the art, to ensure that the verification unit of 210 isauthorized to request proof of identity. If the verification unit 210 isso authorized, the secure computer system 10 provides the verificationsystem 210 with proof of identity, which may be displayed by theverification unit 210, stored in the verification unit 210, and oroutput by the verification unit 210.

Proof of identity preferably comprises at least one of the following:serial number; origin, including at least one of manufacturer, date ofproduction, place of production, and batch run of production; andinformation about a computer or other electronic product or other objectin which the secure computer system 10 is used. It may also includepublic key certificates necessary for controlled use of licensedsoftware. It is appreciated that proof of identity may compriseinformation relating to one or more of the following: the identity ofthe secure computer system 10; the identity of the authenticatorcomputer 20; the identity of the host CPU 30; and the identity of thecomputer of other electronic product or other object in which the securecomputer system 10 is used. Proof of identity may also include an audittrail typically comprising historical information concerning themanufacture and use of the secure computer system 10.

Reference is now made to FIG. 7, which is a simplified block diagramillustration of the secure computer system 10 of FIG. 1. The system ofFIG. 7 is self-explanatory, except as follows. The external connection35 is preferably fused, to prevent application of an externalover-voltage from damaging the authenticator computer 20 and thusremoving the authenticator computer 20 from operation. Such damage mightallow access without intervention by the authenticator computer 20destroying the authenticator with the unique identity allowing the useof a stolen CPU.

It is appreciated that the software components of the present inventionmay, if desired, be implemented in ROM (read-only memory) form.Preferably, in the present invention a ROM would be electricallyprogrammable and masked on during silicon fabrication. Preferably mostof the program would be masked in the fabrication. Keys would begenerated internally with the real random number generator and storedelectronically programmable ROM and propriety program can be downloadedby a trusted third party using protocols as mentioned above. Thesoftware components may, generally, be implemented in hardware, ifdesired, using any conventional techniques.

It is appreciated that various features of the invention which are, forclarity, described in the contexts of separate embodiments may also beprovided in combination in a single embodiment. Conversely, variousfeatures of the invention which are, for brevity, described in thecontext of a single embodiment may also be provided separately or in anysuitable combination.

It will be appreciated by persons skilled in the art that the presentinvention is not limited to what has been particularly shown anddescribed hereinabove. Rather, the scope of the present invention isdefined only by the claims that follow:

What is claimed is:
 1. A secure computer system comprising: a hostcomputer unit having embedded in a single package: a host CPU; and anauthenticating and security controlling computer; a verification unit;and a smart card accepting connector providing a public-key protectedcommunication channel between the authenticating and securitycontrolling computer and the verification unit, in a first mode ofoperation of the secure computer system, and between the host CPU, viathe authenticating and security controlling computer, and a smart card,via a smart card terminal, in a second mode of operation of the securecomputer system; wherein communication between the authenticating andsecurity controlling computer and the smart card terminal is unmediated;and wherein the verification unit is operative to verify the identity ofthe authenticating and security controlling computer in said first moveof operation.
 2. A system according to claim 1, wherein thecommunication between the authenticating and security controlledcomputer and the smart card terminal is not mediated by interveningsoftware units.
 3. A method for securing a computer system comprising:providing a host computer unit including embedding a host CPU and anauthenticating and security controlling computer; in a single package;providing a smart card accepting connector comprising a public-keyprotected communication channel between, in a first mode of operation ofthe computer system, the authenticating and security controllingcomputer and a verification unit, and between, in a second mode ofoperation of the computer system, the host CPU, via the authenticatingand security controlling computer, and a smart card, via a smart cardterminal; wherein communicating between the authenticating and securitycontrolling computer and the smart card terminal is unmediated; andwherein the verification unit is operative to verify the identify of theauthenticating and security controlling computer in said first mode ofoperation.